I've never had much success with Static Host Lists, but if your Role Mapping is working properly for the "Corp" role, you wouldn't need to reference the "Not Belongs to Group" piece for the Mobile if you're policy is first match based on the image you provided. Alternatively, if those are your only two conditions, you could set "Mobile" as the default role and remove that 2nd rule all together.
I agree with Michel Haring in the post above, although it is true, your rule is not badly made, it may not be the best option. If already in a rule you tell him the role that should have, in the other by default should not take so go to the next being NOT necessary to put the "NOT_BELONGS_TO", in addition to it if you do not have more rules, in the default you can leave the other and ready, as the partner comments.
© Copyright 2024 Hewlett Packard Enterprise Development LPAll Rights Reserved.